Uber accidentally leaks personal data for hundreds of drivers

Uber accidentally exposed the personal data of hundreds of its drivers last night, revealing social security numbers, pictures of driver licenses, vehicle registration numbers, and other information.

Drivers registered with the ridesharing company first noticed the leak on Tuesday evening, reporting the news on Reddit, and dedicated Uber message boards.

One driver said that he was presented with thousands of confidential documents from other drivers when he tried to upload a document of his own, saying that he saw "a lot of taxi certification forms and livery drivers licenses" in addition to "W-9 forms with Social Security numbers for taxi cab companies." The company acknowledged the mistake in a statement sent out a few hours after the first reports surfaced. "We were notified about a bug impacting a fraction of our US drivers earlier this afternoon," an Uber spokesperson said.

"Within 30 minutes our security team had fixed the issue." Uber said the problem affected no more than 674 drivers in the United States, and that registered drivers who logged in to their Uber accounts were inadvertently presented with the information on the "documents" page. The leak was reportedly connected to the release of Uber's new "Uber Partner" app, which the company said was "designed to give drivers more information so Uber works better for them."

Uber has been lax with driver details in the past — in March, it was reported that the ridesharing company stored sensitive information that could allow access to its database of 50,000 drivers on programming repository GitHub, where it could be accessed by outsiders. Uber users, too, have been affected by security issues — the company only fixed an issue that allowed hackers to keep control of stolen Uber accounts late last week. Earlier hacked Uber accounts were used in China.

It's not yet clear whether the driver data exposed today was collected by anyone with nefarious intentions, but those registered with Uber are understandably concerned. "This info is worse than credit card information," one forum user wrote. "This info can be used to create accounts and verify identities online." In its statement, Uber said it apologized for the mistake, and that it would follow up with drivers directly.